Vulnerability Description
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Silabs | Z-Wave Software Development Kit | <= 7.21.1 |
| Silabs | Efr32Zg14P231F256Gm32 | - |
| Silabs | Efr32Zg23A010F512Gm40 | - |
| Silabs | Efr32Zg23A010F512Gm48 | - |
| Silabs | Efr32Zg23A020F512Gm40 | - |
| Silabs | Efr32Zg23A020F512Gm48 | - |
| Silabs | Efr32Zg23B010F512Im40 | - |
| Silabs | Efr32Zg23B010F512Im48 | - |
| Silabs | Efr32Zg23B011F512Im40 | - |
| Silabs | Efr32Zg23B020F512Im40 | - |
| Silabs | Efr32Zg23B020F512Im48 | - |
| Silabs | Efr32Zg23B021F512Im40 | - |
| Silabs | Zgm130S037Hgn | - |
| Silabs | Zgm230Sa27Hgn | - |
| Silabs | Zgm230Sb27Hgn | - |
Related Weaknesses (CWE)
References
- https://github.com/CNK2100/2024-CVE/blob/main/README.mdExploitThird Party Advisory
FAQ
What is CVE-2024-50920?
CVE-2024-50920 is a vulnerability with a CVSS score of 8.8 (HIGH). Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets.
How severe is CVE-2024-50920?
CVE-2024-50920 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50920?
Check the references section above for vendor advisories and patch information. Affected products include: Silabs Z-Wave Software Development Kit, Silabs Efr32Zg14P231F256Gm32, Silabs Efr32Zg23A010F512Gm40, Silabs Efr32Zg23A010F512Gm48, Silabs Efr32Zg23A020F512Gm40.